Idaho is among the 30 states that on Thursday reached a $10 million settlement agreement in a lawsuit against the biggest healthcare provider in the Northwest, following a massive hack of the company’s database.
The health insurance company Premera failed to adequately protect its customer data, according to a news release from the Idaho Office of the Attorney General. That failure led, in 2014, to a hacker gaining access to data on 10.4 million customers nationwide — including 270,000 in Idaho. For almost a year, customer information — such as sensitive personal information, private health information, Social Security numbers, bank account information, names, addresses, dates of birth, member identification numbers, and email addresses — was available to the hacker.
There were “multiple known weaknesses in Premera’s data security,” according to the release, and the hacker took advantage of them. Cybersecurity experts for years warned Premera about the risks of their inadequate security system, and the company did not heed those admonitions.
Idaho’s share of the settlement includes $240,000, which will be deposited into the state’s Consumer Protection Fund, according to the release. In addition to that, the company was ordered to ensure its consumer data is protected, and provide states with security reports, completed by a third party expert.